A study led by Dr. Soumitra Bhuyan, an Assistant Professor of Health Systems Management and Policy at The University of Memphis School of Public Health discussed about the challenge of deciding the extent of control that a patient has over their electronic health record (EHR) and examining the needs of the healthcare professionals to have knowledge of all the health data for their patient in order to make informed medical care decisions.
[Photo: Dr. Soumitra Bhuyan]
The study discusses two models that account for the security of data in EHRs, while also providing abilities to override the security when in an emergency situation in which the patient’s life could be saved with access to the EHR. The model by Dr. Leventhal and others proposes the patients could restrict access to five sensitive types of data: mental and reproductive health, sexually transmitted diseases, HIV/AIDS, substance abuse and by specific patient age to allow adolescents to have control over parental view of data, with mechanisms to override the restrictions in cases of emergencies. The Attribute Based Access Model (ABAC) establishes ‘permit or deny’ rules in which different roles can be assigned to different providers outside the origin, and different data restrictions apply to each role.
Dr. David Wyant, an Assistant Professor of Management at the Jack C. Masey College of Business, Belmont University and a co-author of this study noted that nondisclosure of health information by the patient in order to protect their health data could “result in care delays, misinformation leading to ineffective or inappropriate care, in addition to incomplete health records.” Another question that is raised in this case is that, “Should providers be held accountable and even liable for damages caused by patients who withhold critical information?.” Further, Dr. Cyril Chang also added that “[a] need exists to find a balance between the rights and desires of the patient and the need for complete patient information to provide high-quality patient care and to safeguard the health of the general public.”
The authors contend an informed decision about redacting information should be made with the patient, while informing them of the consequences of doing so. Further, there is also need to consider the resource utilization when implementing a framework for data restriction and override framework. Moreover, in addition to feasibility and effectiveness of the solution, resource utilization should be an important component of the decision of using any specific solution to address this challenge.
The findings from this study were published online in the July 2016 Topical Collection on Systems-Level Quality Improvement in the Journal of Medical Systems. To read more, click: http://link.springer.com/article/10.1007/s10916-016-0533-2